Lucene search
@huntr_aiCVELIST:CVE-2023-6020HistoryNov 16, 2023 - 9:07 p.m.
CVE-2023-6020 Ray Static File Local File Include
2023-11-1621:07:33
CWE-862
@huntr_ai
www.cve.org
lfi
ray
static file
local file include
authentication bypass
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
8.6 High
AI Score
Confidence
High
0.064 Low
EPSS
Percentile
93.7%
LFI in Ray’s /static/ directory allows attackers to read any file on the server without authentication.
CNA Affected
[
{
"vendor": "ray-project",
"product": "ray-project/ray",
"versions": [
{
"version": "unspecified",
"status": "affected",
"versionType": "custom",
"lessThanOrEqual": "latest"
}
]
}
]Related
cve
cve
nuclei
nuclei
Ray Static File - Local File Inclusion
2023-12-05 16:15:41
nvd
nvd
prion
prion
Authentication flaw
2023-11-16 21:15:00
Authentication flaw
2023-11-16 17:15:00
Command injection
2023-11-16 17:15:00
thn
thn
osv
osv
Ray Missing Authorization vulnerability
2023-11-16 21:30:46
Ray Path Traversal vulnerability
2023-11-16 18:30:31
github
github
Ray Missing Authorization vulnerability
2023-11-16 21:30:46
Ray Path Traversal vulnerability
2023-11-16 18:30:31
cvelist
cvelist
CVE-2023-6019 Ray Command Injection in cpu_profile Parameter
2023-11-16 16:12:07
CVE-2023-6021 Ray Log File Local File Include
2023-11-16 16:11:42
openvas
openvas
Generic HTTP Directory Traversal (Web Dirs) - Active Check
2021-07-22 00:00:00
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
8.6 High
AI Score
Confidence
High
0.064 Low
EPSS
Percentile
93.7%
Related for CVELIST:CVE-2023-6020